Use firewalld API.

yast · Apr 12, 2018 · 8be8a1d · 8be8a1d
1 parent 1df35c4
commit 8be8a1d
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 68 deletions.
diff --git a/src/modules/RelocationServer.rb b/src/modules/RelocationServer.rb
@@ -29,9 +29,11 @@
 # Representation of the configuration of relocation-server.
 # Input and output routines.
 require "yast"
+require "y2firewall/firewalld"
 
 module Yast
   class RelocationServerClass < Module
+    include Yast::Logger
     def main
       Yast.import "UI"
       textdomain "relocation-server"
@@ -44,8 +46,6 @@ def main
       Yast.import "Message"
       Yast.import "Service"
       Yast.import "FileUtils"
-      Yast.import "SuSEFirewall"
-      Yast.import "SuSEFirewallServices"
 
       # Data was modified?
       @modified = false
@@ -83,6 +83,13 @@ def main
       }
     end
 
+    # Convenience method for obtaining a firewalld singleton instance
+    #
+    # @return [Y2Firewall::Firewalld] singleton instance
+    def firewalld
+      Y2Firewall::Firewalld.instance
+    end
+
     # Returns whether the configuration has been modified.
     def GetModified
       @modified
@@ -159,6 +166,9 @@ def ReadXendSettings
       true
     end
 
+    FWD_XEND_SERVICE = "xend-relocation-server".freeze
+    FWD_LIBVIRTD_SERVICE = "libvirtd-relocation-server".freeze
+
     # Writes current xend configuration
     def WriteXendSettings
       Builtins.y2milestone("Writing Xend configuration: %1", @SETTINGS)
@@ -176,10 +186,12 @@ def WriteXendSettings
       port = GetXendOption("xend-relocation-port")
       ssl_port = GetXendOption("xend-relocation-ssl-port")
       ports_list = [port, ssl_port]
-      SuSEFirewallServices.SetNeededPortsAndProtocols(
-        "service:xend-relocation-server",
-        { "tcp_ports" => ports_list }
-      )
+
+      begin
+        Y2Firewall::Firewalld::Service.modify_ports(name: FWD_XEND_SERVICE, tcp_ports: ports_list)
+      rescue Y2Firewall::Firewalld::Service::NotFound
+        y2error("Firewalld '#{FWD_XEND_SERVICE}' service is not available.")
+      end
 
       true
     end
@@ -260,9 +272,13 @@ def ReadLibvirtServices
         Builtins.y2milestone("sshd is not running")
       end
 
-      ports = SuSEFirewallServices.GetNeededTCPPorts(
-        "libvirtd-relocation-server"
-      )
+      begin
+        fwd_libvirt = firewalld.find_service("libvirtd-relocation_service")
+        ports = fwd_libvirt.tcp_ports
+      rescue Y2Firewall::Firewalld::Service::NotFound
+        ports = []
+      end
+
       @libvirtd_ports = Builtins.filter(ports) do |s|
         s != @libvirtd_default_ports
       end
@@ -291,10 +307,11 @@ def WriteLibvirtServices
             )
           end
         end
-        SuSEFirewallServices.SetNeededPortsAndProtocols(
-          "libvirtd-relocation-server",
-          { "tcp_ports" => @libvirtd_ports }
-        )
+        begin
+          Y2Firewall::Firewalld::Service.modify_ports(name: FWD_LIBVIRTD_SERVICE, tcp_ports: @libvirtd_ports)
+        rescue Y2Firewall::Firewalld::Service::NotFound
+          y2error("Firewalld '#{FWD_LIBVIRTD_SERVICE}' service is not available.")
+        end
       end
 
       all_ok
@@ -374,7 +391,7 @@ def Read
       Progress.NextStage
       progress_state = Progress.set(false)
       # Error message
-      Report.Warning(_("Cannot read firewall settings.")) if !SuSEFirewall.Read
+      Report.Warning(_("Cannot read firewall settings.")) if !firewalld.read
       Progress.set(progress_state)
       Builtins.sleep(sl)
 
@@ -478,7 +495,7 @@ def Write
       Progress.NextStage
       progress_state = Progress.set(false)
       # Error message
-      Report.Error(_("Cannot write firewall settings.")) if !SuSEFirewall.Write
+      Report.Error(_("Cannot write firewall settings.")) if !firewalld.write
       Progress.set(progress_state)
       Builtins.sleep(sl)
 

diff --git a/src/modules/VirtConfig.rb b/src/modules/VirtConfig.rb
@@ -26,25 +26,21 @@
 #
 # $Id$
 require "yast"
+require "y2firewall/firewalld"
 
 module Yast
   class VirtConfigClass < Module
-
     include Yast::Logger
 
     def main
       Yast.import "UI"
-
       textdomain "vm"
-
-
       Yast.import "Arch"
       Yast.import "OSRelease"
       Yast.import "Package"
       Yast.import "Progress"
       Yast.import "Popup"
       Yast.import "Report"
-      Yast.import "SuSEFirewall"
       Yast.import "Wizard"
       Yast.import "Label"
       Yast.import "Bootloader"
@@ -54,42 +50,6 @@ def main
       @net_path = "/sys/class/net/"
     end
 
-    def ConfigureFirewall
-      Builtins.y2milestone("VirtConfig::ConfigureFirewall() started")
-      ret = true
-
-      # check whether the firewall option exists
-      firewall_configured = false
-      if Builtins.contains(
-          SCR.Dir(path(".sysconfig.SuSEfirewall2")),
-          "FW_FORWARD_ALWAYS_INOUT_DEV"
-        )
-        xen_bridge = "xenbr+"
-        # read the current value
-        forward = Convert.to_string(
-          SCR.Read(path(".sysconfig.SuSEfirewall2.FW_FORWARD_ALWAYS_INOUT_DEV"))
-        )
-        Builtins.y2milestone("FW_FORWARD_ALWAYS_INOUT_DEV=%1", forward)
-        if Builtins.contains(Builtins.splitstring(forward, " "), xen_bridge)
-          Builtins.y2milestone("Firewall already configured!")
-          firewall_configured = true # xenbr+ already exists
-        end
-      end
-
-      if firewall_configured == false
-        # add xenbr+ to the firewall configuration
-        Builtins.y2milestone("Configuring firewall to allow Xen bridge...")
-        progress_orig = Progress.set(false)
-        SuSEFirewall.Read
-        SuSEFirewall.AddXenSupport
-        ret = ret && SuSEFirewall.Write
-        Progress.set(progress_orig)
-      end
-
-      Builtins.y2milestone("VirtConfig::ConfigureFirewall returned: %1", ret)
-      ret
-    end
-
     def isOpenSuse
       Builtins.y2milestone("Checking to see if this is openSUSE ...")
       distro = OSRelease.ReleaseName
@@ -610,17 +570,6 @@ def LXCDialog
       Builtins.y2milestone("Start virtlogd.socket: %1", cmd)
       SCR.Execute(path(".target.bash"), cmd)
 
-      # Firewall stage - modify the firewall setting, add the xen bridge to FW_FORWARD_ALWAYS_INOUT_DEV
-      # Progress::NextStage();
-
-      # Configure firewall to allow xenbr+
-      # success = success && ConfigureFirewall();
-      # if ( success == false ) {
-      #     // error popup
-      #     Report::Error(_("Failed to configure the firewall to allow the Xen bridge") + "\n" + abortmsg);
-      #     return false;
-      # }
-
       Progress.Finish
 
       message_kvm_ready = _(
@@ -671,7 +620,6 @@ def LXCDialog
       success
     end
 
-    publish :function => :ConfigureFirewall, :type => "boolean ()"
     publish :function => :isOpenSuse, :type => "boolean ()"
     publish :function => :isPAEKernel, :type => "boolean ()"
     publish :function => :isX86_64, :type => "boolean ()"